Access to chairman`s personal account

On the homepage at NCA website, you need to go to “Personal Account” section, then sign in to your Personal Account.

1

Sign in to your Personal Account.

36

In the window opened, you should select the “Keys Repository” from the list containing: Personal Computer, eTokenPRO (Java, 72K), JaCarta, Kaztoken, AKey.

2

In the “Path to keys repository” field, you need to indicate the path to where your certificates are contained.

To select the required registration certificate click “Browse” button and select authentication key (AUTH_RSA_......).

3

In the dialogue window that emerged, fill in your password to access keys and registration certificates obtained after submission of application and click “Update the List of Keys” button and then press “Sign” button.

4

In chairman`s personal account, information will be displayed on current applications submitted on behalf of organization and that need to be signed by chairman.

5

Access to chairman`s personal account is completed.

Personal registration certificates management

“Family Name” Menu

User’s “Family Name” menu contains information on NCA user profile. In the settings, you may select the interface language, as well as cancel the receipt of notifications to your email.

6

To cancel the receipt of notifications to your email, in “Profile`s Data” section tick a relevant box and click “Confirm” button.

7

To sign out from the Personal Account, go to “Family Name” Menu – *“Sign out”.

“My Digital Signature Keys” Menu»

To work with digital signature keys, go to the “My digital signature keys” tab.

8

In the drop-down menu, select one of the below subsections:

• Digital signature keys renewal – provides capability of submitting an application online (subject to availability of effective keys), with no need to validate the application in Registration Authority; • Digital signature keys revocation – provides capability of revoking the certificates; • List of digital signature keys – displays the existing certificates; • Checking the application status – provides capability of checking the status of the application submitted and of setting the certificates; • Change of digital signature key password – provides capability of changing the password for digital signature keys.

Checking the Application Status

Upon confirming the application, open the “My digital signature keys” menu, and go to “Checking the application status” section. In “Application Number” field, fill in a unique number that you received and click “Search” button.

9

To set up the certificates, please indicate the folder where your private keys were stored and press the search icon. Indicate the storage place of your private keys generated at the time you submitted the application.

NB! In the event that in setting up the certificates, the keys were generated to one of the supported secure media: eToken 72K, JaCarta, Kaztoken, AKey, you should connect the device to the PC.

If you use the PC as keys repository, the fields for password will appear. Invent and enter your password for digital signature keys.

NB! Password must contain Latin characters and digits. The password length should be 6 to 32 characters. In addition, password may include: Latin upper-case letters and wildcard characters «#$^+=!*()@%&_?-.».

10

You must remember the password you indicated! The password shall NOT be recovered! NCA shall not keep your password, and if you lose your password, these digital signature keys must be revoked.

Press the “Upload certificates” button.

The window will appear informing of the successful setting of the certificates.

11

Certificates have been set up.

Digital Signature Keys Renewal

To apply for registration certificates renewal, go to “My Digital Signature Keys” tab – “Digital Signature Keys Renewal”.

NB: When applying from Personal Account, Chairman signs the application by his/her digital signature keys. There is no need to verify the application in Registration Authority. The number of applications submitted from Personal Account is restricted (50 applications within 30 days).

Before verifying the application, you need to set up keys. To do this, select “Keys Repository”: PC, eToken PRO (Java, 72K), JaCarta, Kaztoken, AKey. In “Path to Keys Repository” field, indicate a folder which has registration certificate GOSTNCA for signing and click “Save” button.

12

Familiarize with user agreement and confirm your consent.

Your data (full name, BIN, IIN, organization`s name) is filled in automatically. Fill in “Locality” field and if you need to receive notifications from NCA of the RoK, indicate your e-mail.

13

In “Keys Repository” field indicate the repository type: PC, eToken 72K, JaCarta, Kaztoken, AKey.

14

If PC is chosen as Keys Repository, in “Path to Keys Repository” field you need to indicate folder in which container will be created to store your private key. After the application is confirmed by Registration Authority operator, registration certificates will be installed.

NB! The “Personal Computer” repository is insecure. We recommend using the secure key information media to reduce the risk of compromising the digital signature keys.

To do this, press “Browse” button and select folder or device to store your digital signature keys.

15

After the place of storage is chosen, press “Open” button. Then press “Apply” button. In “Edit Application” window, select “Application is Signed by User” status.

Afterwards, you need to confirm the correctness of data indicated in application and tick the box.

16

On the next page you will see information on the status of your application. “Registration Certificates are Issued” status will be indicated and the program will automatically indicate the previous place of storage for private keys. Then, install certificates.

17

Renewal of digital signature keys has been successfully completed.

Digital Signature Keys Revocation

To revoke registration certificate, select registration certificate from the list and click “Edit” button.

NB! To revoke registration certificate you need to have a valid signature key (GOSTKNCA). Therefore, to revoke registration certificate, you need to revoke authentication key first (AUTH_RSA) and afterwards revoke signature key (GOSTKNCA).

Indicate keys repository.

18

Select a key for signing (GOSTNCA).

19

To revoke registration certificate you need to indicate the reason. In the window that appears, select the revocation reason.

20

Tick the box and click “Revocation” button.

21

Sign with the digital signature keys (GOSTNCA).

22

The certificate revocation procedure is completed.

List of Digital Signature Keys

In the drop-down menu, select the “List of digital signature keys” section.

In the “List of Digital Signature Keys” field, a list of all registration certificates is shown as well as their current statuses. There is also the function of separate display of list of digital signature keys by the following statuses: effective, revoked, and expired ones.

23

There is also a capability to extract data on registration certificates in Excel. To do this, click “Upload to xlsx” button.

24

Change of Digital Signature Keys Password

To change your digital signature keys password, you need to go to the “Change of digital signature key password” section. In the opened window, indicate the location of your keys in the “Keys Repository” field.

Important!In the “Keys Repository” field, if you indicate the secure media then the password shall be set up directly to the secure media. In the event that you indicate your PC in the “Keys Repository” field, then the password will be set up directly to the digital signature keys.

Specify the “Path to keys repository”. Fill in the field for password entering and press the “Change” button. If you select the “Personal Computer” repository, then indicate digital signature key for the password to be changed. The password change procedure must be performed separately for each key.

25

NB! If you have changed your password but forgotten it, you need to undergo the procedure of obtaining digital signature keys again. NCA shall not keep your password.

The password has been successfully changed.

Employees` digital signatures management

Applications for digital signature keys

To confirm the application on issuance of digital signature keys, go to “Employees` Digital Signatures” tab – “Application to Obtain Digital Signature Keys” section.

26

To track a certain application, use filter to sort applications, fill in the following fields “Application Number”, “Creation Date”, “Application Status”, “IIN” and press “Search” button.

To display all applications, click “Search” button with empty filter.

27

Next to the selected application, click “Edit” button.

28

Before applying, you need to set up a key. To do this, select “Keys Repository”: PC, eToken PRO(Java, 72K), JaCarta, Kaztoken, AKey. In “Path to Keys Repository” field, indicate folder where GOSTNCA digital signature key is located and click “Save” button.

29

Then, check data indicated in application and select application status.

30

Select the following application status: “Application Approved by Chairman”. In case if request should be rejected, select the following status: “Application Rejected by Chairman”.

31

Afterwards, you need to check the correctness of data and tick the box.

32

After application is approved by chairman, it receives the following status: “Application Approved by Chairman”. If application was rejected, it receives the following status: “Application Rejected by Chairman”.

33

Approval of application by chairman is completed.

List of Digital Signature Keys

To view all registration certificates issued for employees, select “Employees` Digital Signatures” tab – “List of Digital Signature Keys” section. The section displays the list of registration certificates of all employees as well as their current status.

34

Signing authority

To make approval of a large number of applications from legal entity's employees more convenient, a capability is available in Chairman's Personal Account to assign the authority to approve and reject employees registration certificates (hereinafter: Authority). This enables chairman to delegate rights to an employee with authority to sign and to HR employee. Additionally, HR employee's account is set up in such a manner that he/she can revoke registration certificates of legal entity`s employees.

Go to “Employees` Digital Signatures” tab – “Authority Management” section.

35

To assign the authority to approve or reject applications on issuance of registration certificate, tick the box next to the relevant role (“HR employee” or “Employee with Authority to Sign”) in the first table and click “Generate Data for Signing” button.

To assign the authority to revoke applications submitted by an organization`s employees, tick the box next to the relevant role (“HR employee” or “Employee with Authority to Sign”) and click “Generate Data for Signing” button.

The procedure to assign the authority to approve/revoke employees` applications is completed.

Issuance of digital signature by a template “Information System (LE)”

To submit an application for obtainment of digital signature keys by a template “Information system (LE)”, you need to go to “My digital signature keys” menu item, then select the section “Issuance of digital signature by a template “Information System (LE)”.

37

Then, verify using «GOST» keys for signing.

38

After signing, you need to fill in the required fields: "Select IS and indicate a path to keys storage”.

39

Note! In case if there is nothing in “Name of Information System” field, it means that no information system (IS) is registered to your BIN. You need to register your IS by obtaining an object identifier (OID) pursuant to the Rules for registration, re-registration and cancelation of object identifiers in Kazakhstani segment of object identifiers No. 281 as of March 17, 2016 (adilet.zan.kz). After OID assignment, repeat the procedure, your information system will be available for obtainment of registration certificates thereto.

After selection of an information system, confirm an application by signing it with «GOST» keys.

40

Install a password and upload certificates and in doing so complete the procedure of digital signature keys obtainment for IS.

41

After installation of registration certificates, a window will open with indication of an application status “Certificates have been successfully installed”.

42

Obtainment of registration certificates has been successfully completed.